Service NSW is taking its first steps towards implementing multi-factor authentication for its MyServiceNSW service.
Minister of Customer Service and Digital Administration Victor Dominello announcement the move yesterday on LinkedIn.
This follows the Optus data breach, which drew attention to the security of state-issued IDs such as driver’s licenses.
NSW led the way by agreeing to simplify the process for citizens whose driving licenses were compromised during the breach.
Initially, 2FA will be offered only via authentication codes sent as text, an approach widely considered insecure.
Dominello said SMS-based 2FA is a “first phase of testing,” with further iterations to provide “more robust and practical second-factor choices,” including push notifications and app support. ‘authentication.
He said “the initial pilot won’t be silky smooth”.
Customers who opt for the initial phase, he said, will have to use 2FA for each account login.
As the MFA driver improves, Dominello said, customers will have “the choice of how MFA can be applied (rather than each time a connection occurs).”
“After the initial pilot, Service NSW will work to apply MFA to specific scenarios and transactions in the MyServiceNSW account to protect customers,” he wrote.
“As an example, the AMF will be necessary when customers want to change their bank details.”